CVE-2023-32804 — Out-of-bounds Write in LTD ARM 5TH GEN GPU Architecture Userspace Driver

CWE-787 — Out-of-bounds Write4 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 65.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ARM LTD ARM 5TH GEN GPU Architecture Userspace Driver ARM LTD Bifrost GPU Userspace Driver ARM LTD Midgard GPU Userspace Driver +7 more

Timeline

PublishedDec 4

Description

Out-of-bounds Write vulnerability in Arm Ltd Midgard GPU Userspace Driver, Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a local non-privileged user to write a constant pattern to a limited amount of memory not allocated by the user space driver.This issue affects Midgard GPU Userspace Driver: from r0p0 through r32p0; Bifrost GPU Userspace Driver: from r0p0 through r44p0; Valhall GPU Userspace Driver: from…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages10 packages

▶CVEListV5arm_ltd/bifrost_gpu_userspace_driverr0p0 — r44p0

▶CVEListV5arm_ltd/midgard_gpu_userspace_driverr0p0 — r32p0

▶CVEListV5arm_ltd/valhall_gpu_userspace_driverr19p0 — r44p0

▶CVEListV5arm_ltd/arm_5th_gen_gpu_architecture_userspace_driverr41p0 — r44p0

▶NVDarm/bifrost_gpu_kernel_driverr0p0 — r44p0

🔴Vulnerability Details

GHSA

GHSA-jhf5-g2pq-ppg2: Out-of-bounds Write vulnerability in Arm Ltd Midgard GPU Userspace Driver, Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver,↗2023-12-04

▶

📋Vendor Advisories

Android

CVE-2023-32804: Mali↗2023-12-01

▶

Chrome

Long Term Support Channel Update for ChromeOS: CVE-2023-32804↗2023-08-23

▶